MikroTik Certified Switching Engineer (MTCSWE)
9.3 Access Control Lists (ACLs) Explained

Key Concepts of Access Control Lists (ACLs)

Access Control Lists (ACLs) are a fundamental security feature used to control access to network resources. Key concepts include:

Rules

ACL rules define the conditions under which packets are allowed or denied access to network resources. These conditions can be based on various criteria such as source IP address, destination IP address, protocol, and port number.

Example: A rule might specify that all traffic from the IP address 192.168.1.10 is allowed to access the web server, while traffic from any other IP address is denied.

Permit and Deny

Permit and Deny are the actions applied to packets based on the ACL rules. A "Permit" action allows the packet to pass through, while a "Deny" action blocks the packet.

Example: If an ACL rule permits traffic from a specific IP address, packets from that address will be allowed to access the network resource. Conversely, if the rule denies traffic from another IP address, those packets will be blocked.

Order of Rules

The order in which ACL rules are applied is crucial. The first rule that matches the packet's criteria determines the action taken. Subsequent rules are not evaluated if a match is found.

Example: If an ACL has a rule to permit traffic from 192.168.1.10 followed by a rule to deny all other traffic, packets from 192.168.1.10 will be permitted, and packets from other addresses will be denied.

Wildcards

Wildcards provide flexible matching criteria in ACL rules. A wildcard marks which bits of an address must match exactly and which are ignored, so a single rule can cover a range of IP addresses, such as an entire subnet, instead of one host.

Example: A wildcard might be used to permit all traffic from the subnet 192.168.1.0/24, allowing any device within that subnet to access the network resource.

Logging

Logging records the actions taken by ACLs, providing valuable information for monitoring and troubleshooting. Logs can show which rules were applied to which packets and the resulting actions.

Example: Enabling logging for an ACL can help identify unauthorized access attempts by showing which IP addresses were denied access and when those attempts occurred.
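As an added illustration (not part of the course material), a small Python evaluator that models the concepts above: first-match rule order, address/wildcard-mask matching, an explicit default action, and per-rule logging. The web-server address 10.0.0.80, the rule set and the packets are constructed for the example; 192.168.1.10 and 192.168.1.0/24 are the addresses the section uses. Whether an ACL ends with an implicit deny is platform-specific, so the default action is an explicit parameter here rather than an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """'address wildcard-mask' (e.g. 192.168.1.0 0.0.0.255) -> CIDR; a 1 bit means 'don't care'."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):   # only a contiguous low-order run of 1 bits maps to a CIDR prefix
        raise ValueError(f"non-contiguous wildcard mask {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    src: ipaddress.IPv4Network = ANY  # source match (CIDR, possibly built from a wildcard)
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None       # None matches any protocol
    dport: Optional[int] = None       # None matches any destination port
    log: bool = False                 # record a log line when this rule fires
    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

class ACL:
    def __init__(self, rules, default="deny"):  # default action is explicit, not assumed
        self.rules, self.default, self.log = list(rules), default, []
    def check(self, pkt: dict) -> str:
        for i, rule in enumerate(self.rules):   # first matching rule wins; rest are skipped
            if rule.matches(pkt):
                if rule.log:
                    self.log.append(f"rule {i} {rule.action} {pkt['src']}->"
                                    f"{pkt['dst']}:{pkt.get('dport')}")
                return rule.action
        return self.default                     # no rule matched

WEB = ipaddress.ip_network("10.0.0.80/32")      # constructed web-server address
RULES = [
    Rule("permit", src=ipaddress.ip_network("192.168.1.10/32"), dst=WEB, proto="tcp", dport=80),
    Rule("deny", src=wildcard_to_network("192.168.1.0", "0.0.0.255"), dst=WEB, log=True),
    Rule("permit", dst=WEB, proto="tcp", dport=80),
]

def run_example():  # same constructed packets against RULES and RULES reversed
    pkts = [{"src": "192.168.1.10", "dst": "10.0.0.80", "proto": "tcp", "dport": 80},
            {"src": "192.168.1.77", "dst": "10.0.0.80", "proto": "tcp", "dport": 80},
            {"src": "172.16.5.5", "dst": "10.0.0.80", "proto": "udp", "dport": 53}]
    ordered, flipped = ACL(RULES), ACL(RULES[::-1])
    return [ordered.check(p) for p in pkts], ordered.log, [flipped.check(p) for p in pkts]
```

With the rules in the listed order the second host is denied and logged; with the order reversed the broad permit shadows the subnet deny, and the same host is allowed, which is exactly the ordering mistake the section warns about.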